AWS-Certified-Developer-Associate PDF DEMO:

QUESTION NO: 1An AWS customer is deploying a web application that is composed of a front-end running onAmazon EC2 and of confidential data that is stored on Amazon S3. The customer security policy that all access operations to this sensitive data must be authenticated and authorized by a centralized access management system that is operated by a separate security team. In addition, the web application team that owns and administers the EC2 web front-end instances is prohibited from having any ability to access the data that circumvents this centralized access management system.Which of the following configurations will support these requirements?A. Have the separate security team create and IAM role that is entitled to access the data on AmazonS3. Have the web application team provision their instances with this role while denying their IAM users access to the data on Amazon S3B. Configure the web application to authenticate end-users against the centralized access management system. Have the web application provision trusted users STS tokens entitling the download of approved data directly from Amazon S3C. Encrypt the data on Amazon S3 using a CloudHSM that is operated by the separate security team.Configure the web application to integrate with the CloudHSM for decrypting approved data access operations for trusted end-users.D. Configure the web application to authenticate end-users against the centralized access management system using SAML. Have the end-users authenticate to IAM using their SAML token and download the approved data directly from S3.Answer: B

QUESTION NO: 2A user is creating multiple IAM users. What advice should be given to him to enhance the security?A. Grant less privileges for user, but higher privileges for the groupB. Grant least privileges to the individual userC. Grant more privileges to the user, but least privileges to the groupD. Grant all higher privileges to the groupAnswer: BExplanation:It is a recommended rule that the root user should grant the least privileges to the IAM user or the group. The higher the privileges, the more problems it can create.http://docs.aws.amazon.com/IAM/latest/UserGuide/IAMBestPractices.html

QUESTION NO: 3Regarding Amazon SNS, to send messages to a queue through a topic, you must subscribe the queue to the Amazon SNS topic. You specify the queue by its _______.A. URLB. TokenC. ARND. Registration IDAnswer: CExplanation:In Amazon SNS, to send messages to a queue through a topic, you must subscribe the queue to theAmazon SNS topic. You specify the queue by its ARN.http://docs.aws.amazon.com/sns/latest/dg/SendMessageToSQS.html

QUESTION NO: 4You are getting a lot of empty receive requests when using Amazon SQS.This is making a lot of unnecessary network load on your instances.What can you do to reduce this load?A. Use <code>sqsd</code> on your EC2 instances.B. Subscribe your queue to an SNS topic instead.C. Use as long of a poll as possible, instead of short polls.D. Alter your visibility timeout to be shorter.Answer: CExplanation:One benefit of long polling with Amazon SQS is the reduction of the number of empty responses, when there are no messages available to return, in reply to a ReceiveMessage request sent to anAmazon SQS queue. Long polling allows the Amazon SQS service to wait until a message is available in the queue before sending a response.

QUESTION NO: 5A Developer created a Lambda function for a web application backend. When testing theLambda function from the AWS Lambda console, the Developer can see that the function is being executed, but there is no log data being generated in Amazon CloudWatch Logs, even after several minutes.What could cause this situation?A. The Lambda function is missing a target CloudWatch Log group.B. The Lambda function does not have any explicit log statements for the log data to send it toCloudWatch Logs.C. The Lambda function is missing CloudWatch Logs as a source trigger to send log data.D. The execution role for the Lambda function is missing permissions to write log data to theCloudWatch Logs.Answer: DExplanation:https://docs.aws.amazon.com/lambda/latest/dg/monitoring-functions.html (see note)